package se.swedenconnect.opensaml.xmlsec.keyinfo.provider;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriterion;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:se/swedenconnect/opensaml/xmlsec/keyinfo/provider/EvaluableX509CertificatesCredentialCriterion.class */
public class EvaluableX509CertificatesCredentialCriterion implements EvaluableCredentialCriterion {
    private static final Logger log = LoggerFactory.getLogger(EvaluableX509CertificatesCredentialCriterion.class);
    private List<X509CertSelector> selectors;

    public EvaluableX509CertificatesCredentialCriterion(@Nonnull List<X509Certificate> list) {
        Constraint.isNotNull(list, "certificates must not be null");
        this.selectors = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (X509Certificate x509Certificate : list) {
                try {
                    X509CertSelector x509CertSelector = new X509CertSelector();
                    x509CertSelector.setCertificate((java.security.cert.X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64Support.decode(x509Certificate.getValue()))));
                    this.selectors.add(x509CertSelector);
                } catch (Exception e) {
                    log.error("Failed to decode certificate", e);
                }
            }
        } catch (CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }

    public boolean apply(Credential credential) {
        if (credential == null) {
            log.error("Credential input was null");
            return false;
        }
        if (!X509Credential.class.isInstance(credential)) {
            log.info("Credential is not an X509Credential, cannot evaluate certificate criteria");
            return false;
        }
        java.security.cert.X509Certificate entityCertificate = ((X509Credential) credential).getEntityCertificate();
        if (entityCertificate == null) {
            log.info("X509Credential did not contain an entity certificate, cannot evaluate certificate criteria");
            return false;
        }
        Iterator<X509CertSelector> it = this.selectors.iterator();
        while (it.hasNext()) {
            if (it.next().match(entityCertificate)) {
                return true;
            }
        }
        return false;
    }

    public String toString() {
        return "EvaluableX509CertificatesCredentialCriterion [selectors=<contents not displayable>]";
    }

    public int hashCode() {
        return (31 * 1) + (this.selectors == null ? 0 : this.selectors.hashCode());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        EvaluableX509CertificatesCredentialCriterion evaluableX509CertificatesCredentialCriterion = (EvaluableX509CertificatesCredentialCriterion) obj;
        return this.selectors == null ? evaluableX509CertificatesCredentialCriterion.selectors == null : this.selectors.equals(evaluableX509CertificatesCredentialCriterion.selectors);
    }
}
